CVE-2006-5734
published 2006-11-06CVE-2006-5734: Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section…
PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.38%
68.7th percentile
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adaptive_technology_resource_centre | atutor | — | — |
| phpmailer | phpmailer | >= 0 < 5.2.0 | 5.2.0 |
| pineapple_technologies | lore | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa7.5HIGH
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
PHPMailer Local file inclusion
ghsa·2024-02-02·CVSS 7.5
CVE-2006-5734 [HIGH] PHPMailer Local file inclusion
PHPMailer Local file inclusion
### Impact
Arbitrary local file inclusion via the `$lang` property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem.
### Patches
It's not known exactly when this was fixed in the host applications, but it was fixed in PHPMailer 5.2.0.
### Workarounds
Filter and validate user-supplied data before use.
### References
https://nvd.nist.gov/vuln/detail/CVE-2006-5734
https://nvd.nist.gov/vuln/detail/CVE-2007-3215
https://nvd.nist.gov/vuln/detail/CVE-2007-2021
Example exploit: https://www.exploit-db.com/exploits/14893
### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the
OSV
PHPMailer Local file inclusion
osv·2024-02-02·CVSS 7.5
CVE-2006-5734 [HIGH] PHPMailer Local file inclusion
PHPMailer Local file inclusion
### Impact
Arbitrary local file inclusion via the `$lang` property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem.
### Patches
It's not known exactly when this was fixed in the host applications, but it was fixed in PHPMailer 5.2.0.
### Workarounds
Filter and validate user-supplied data before use.
### References
https://nvd.nist.gov/vuln/detail/CVE-2006-5734
https://nvd.nist.gov/vuln/detail/CVE-2007-3215
https://nvd.nist.gov/vuln/detail/CVE-2007-2021
Example exploit: https://www.exploit-db.com/exploits/14893
### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the
GHSA
GHSA-x3xg-mc2f-hj3q: Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2021 [HIGH] GHSA-x3xg-mc2f-hj3q: Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1823http://www.securityfocus.com/archive/1/449233/100/200/threadedhttp://www.securityfocus.com/bid/20634https://exchange.xforce.ibmcloud.com/vulnerabilities/29693http://securityreason.com/securityalert/1823http://www.securityfocus.com/archive/1/449233/100/200/threadedhttp://www.securityfocus.com/bid/20634https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
2006-11-06
Published